Making Forensic Attack Event/forensic Analysis as Simple as Possible and No Simpler
|
|
- Sophia Lane
- 6 years ago
- Views:
Transcription
1 Making Forensic Attack Event/forensic Analysis as Simple as Possible and No Simpler Sean Peisert, UC Davis Given at Schloss Dagstuhl July 22,
2 Electronic Voting Machines Need to be able to count ballots Need to be able to determine if and how a machine failed. Cannot allow a voter to indicate to an auditor who they are (vote selling) Cannot allow an auditor to determine who a voter is (voter coersion) This leads to a direct conflict. So how do we balance this? Add noise Enforce regularity 2 2
3 Existing Technical Solutions and the Insider Problem Access Control Intrusion Detection Anomaly-Based Detection Misuse-Based Detection Signature-Based Detection 3
4 Optimistic Access Control Security and usability are in conflict. Ideally, a system should block all forbidden actions and permit all allowed actions. (This is not feasible.) Policies can be binary (block access) or flexible (perform this countermeasure). Policies can be static (always do this) or dynamic (uh oh an intruder) Many possible countermeasures exist log checkpoint/replay make a particular partition read-only Many possible dynamic approaches exist Use an a standard IPS Incorporate external factors 4
5 So we need to focus on non-binary (e.g., post mortem analysis). 5
6 What is forensic Analysis? forensic analysis is the process of answering the questions: How did an event take place? What was the nature of the event? What were the effects of the event? forensic analysis applies to arbitrary events. This can include attacks, but is not limited to attacks (e.g., mistakes). forensic analysis is not intrusion detection. The goal of intrusion detection is to determine whether an attack occurred. 6 6
7 Transparent Society (abbreviated from David Brin s ideas) Anyone can know anything. There is no privacy. It s better if everyone knows everything than if a few people know everything. Watching the watchers R. Heinlein: privacy laws only make the bugs smaller. 7
8 Audit trails are... Is it is not well understood what forensic data is necessary, and there is no general solution to find that data. Data is often redundant, missing, vague, or misleading. Forensic analysis is worthless with bad data. We re wasting time, drawing bad conclusions, and making bad decisions. We need better data. A systematic approach to forensic logging gives better data and better analysis. 8 8
9 Current State Decent tools, but what problem do they solve? file & filesystem analysis (Coroner s Toolkit, Sleuth Kit, EnCase, FTK) syslog, tcpwrappers, Windows event logs BSM process accounting logs IDS logs packet sniffing 9 9
10 Forensics What do we need? What are we missing? 10 10
11 What are the assumptions for using current forensic tools? Often that there s only one person who had access to the machine. Often that the owner of the machine was in complete control (as opposed to malware). Probably a lot of other assumptions that we have no clue about
12 For forensics, we need to... go back to the beginning. understand what the purpose of the analysis is understand what data can answer that purpose, with X% accuracy, and under a set of Y assumptions log the data give tools and techniques to an analyst to analyze that data 12 12
13 Art & Science But computer science can only answer part of it. Forensic analysis is an art, but there are scientific components. What are they? Determining what to log Determining relevance of logged data what is relevant? what is not relevant? under what circumstances something might be relevant? Using the results to constrain and correlate data. This can be measured, systematized and automated
14 Logging Two options: Log everything (e.g., all non-deterministic events), and capture upon replay Log selectively Ad hoc Systematic (e.g., based on security policies) 14 14
15 A Systematic Approach is Better Given system S, that records data D, what intrusions ID can we understand with the data we have? Given intrusions I, what additional data DI do we need to record to analyze those intrusions? Given an arbitrary system defined by certain specifications, what information must be logged to detect violations of those specifications? 15 15
16 Laocoön Laocoön: A Model of Forensic Logging Attack graphs of goals. Goals can be attacker goals or defender goals (i.e., security policies ) Pre-conditions & post-conditions of events to accomplish goals. Method of translating those conditions into logging requirements. Logs are in a standardized and parseable format. Logged data can be at arbitrary levels of granularity
17 Goals Premise: compute resources are cheap, human time is expensive. Understand the scope of the possible data, analyses, and conclusions. Be able to define (or place bounds on) what necessary information is present and what is missing. Assuming all potentially relevant information is recorded (e.g., by extrospection of a virtual machine), be able to correlate and prune the information necessary for a human to analyze. 17
18 Attack Graphs Intruder goals can be enumerated. Vulnerabilities, attacks, and exploits cannot (or in many cases, we would patch them, or they would inhibit usability). start of attack intermediate steps (too many!) end goals of intruder a b c d Defender goals can also be enumerated. They are called security polices
19 Security Policies Legal policies (HIPAA, Sarbanes-Oxley) Formal policies (Bell-LaPadula, Chinese Wall) Actual metrics Severity (path length, time, difficulty) Attack Surface Metric Historically known vulnerabilities 19 19
20 Security Policies Security policies can be reverse-engineered or enforced, automatically. i.e., determine the current policy, and modify. Policies can be binary (block access) or flexible (log something). Policies can be static (always do this) or dynamic (uh oh an intruder) Assumptions get in the way of security. What are they? 20 20
21 Applying Security Policies Applying Laocoön to security policies guides where to place instrumentation and what to log. The logged data needs to be correlated with a unique path identifier. Branches of a graph unrelated to the attack can be automatically pruned. Avoid recording data where events can be recreated because they are deterministic
22 Pruning Paths start of attack intermediate steps end goals of intruder start of attack intermediate steps end goals of intruder A B C D A B C D 22 22
23 Pruning Paths 23
24 Pruning Paths Graph 62 Node 1 Node 3 Node 4 Node 5 24
25 Pruning Paths Graph 62 Node 1 Exploit Node 3 Node 4 Node 5 25
26 Complex Attack Graph a b c d 26 26
27 Summary Forensics, attack analysis, logging, and auditing are broken. We have developed methods to correlate and constrain data that needs to be analyzed. We have developed methods for logging based on known vulnerabilities. We have developed methods for integrating societal needs (e.g., law) with forensic logging and auditing capabilities
28 Thank you Questions? Sean Peisert 28
Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines
Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines Sean Peisert Matt Bishop Alec Yasinsac given at HICSS 09 Waikoloa, HI January 7, 2009 1 Meltdowns in Elections Most have
More informationToward Models for Forensic Analysis
Toward Models for Forensic Analysis Sean Peisert (UC San Diego) Matt Bishop (UC Davis) Sid Karin (UC San Diego) Keith Marzullo (UC San Diego) SADFE 07 April 11, 2007 1 What is Forensic Analysis? Forensic
More informationComputer Forensics In Forensis
Computer Forensics In Forensis Sean Peisert, UC Davis Matt Bishop, UC Davis Keith Marzullo, UC San Diego SADFE ~ May 22, 2008 Oakland, CA 1 What happened?? 2 2 Tradeoffs & Forensics Security vs. Usability
More informationForensic Analysis through Goal-Oriented Logging
Forensic Analysis through Goal-Oriented Logging Sean Peisert UC San Diego research done with Matt Bishop (UC Davis), Sid Karin (UCSD), and Keith Marzullo (UCSD) 1 SHERLOCK HOLMES: It is of the highest
More informationCourse 832 EC-Council Computer Hacking Forensic Investigator (CHFI)
Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI) Duration: 5 days You Will Learn How To Understand how perimeter defenses work Scan and attack you own networks, without actually harming
More informationAsset Analysis -I. 1. Fundamental business processes 2.Critical ICT resources for these processes 3.The impact for the organization if
Asset Analysis Asset Analysis -I It discovers the assets that result in an impact (a loss for the organization) if successfully attacked It should discover which ICT resources an organization needs to
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationDr. Stephanie Carter CISM, CISSP, CISA
Dr. Stephanie Carter CISM, CISSP, CISA Learning Objectives (LO) LO1 Will learn the theological and practitioner definition of cybersecurity LO2 Will learn the dependency between physical and cyber security
More informationSPECIAL ISSUE, PAPER ID: IJDCST-09 ISSN
Digital Forensics CH. RAMESH BABU, Asst.Proffessor, Dept. Of MCA, K.B.N.College, Vijayawada Abstract: The need for computer intrusion forensics arises from the alarming increase in the number of computer
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More information18-642: Security Mitigation & Validation
18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationIt was a dark and stormy night. Seriously. There was a rain storm in Wisconsin, and the line noise dialing into the Unix machines was bad enough to
1 2 It was a dark and stormy night. Seriously. There was a rain storm in Wisconsin, and the line noise dialing into the Unix machines was bad enough to keep putting garbage characters into the command
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationSecurity Incident Investigation
Security Incident Investigation A Seminar Presented to CERIAS at Purdue University Peter Stephenson, CPE, PCE Director of Technology Global Security Practice, Netigy Corp. peter.stephenson@netigy.com Background
More informationIntroduction Challenges with using ML Guidelines for using ML Conclusions
Introduction Challenges with using ML Guidelines for using ML Conclusions Misuse detection Exact descriptions of known bad behavior Anomaly detection Deviations from profiles of normal behavior First proposed
More informationDigital Forensics Lecture 01- Disk Forensics
Digital Forensics Lecture 01- Disk Forensics An Introduction to Akbar S. Namin Texas Tech University Spring 2017 Digital Investigations and Evidence Investigation of some type of digital device that has
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationFundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationMICROCIRCUIT SECURITY
MICROCIRCUIT SECURITY Everything begins in the chip. Sawblade Ventures, LLC Austin, Texas Chip Security Vulnerability: How to Close the Gap Between Design Software & Design Hardware CTEA Electronics Symposium
More informationCS Review. Prof. Clarkson Spring 2017
CS 5430 Review Prof. Clarkson Spring 2017 Recall: Audit logs Recording: what to log what not to log how to log locally remotely how to protect the log Reviewing: manual exploration automated analysis MANUAL
More informationChapter 7: Hybrid Policies
Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Slide #7-1 Overview Chinese Wall Model Focuses on conflict of interest CISS Policy Combines
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationThe IS Audit Process Part-1 Four key objectives
The IS Audit Process Part-1 Four key objectives a. Defining auditing and auditors b. The audit planning process c. Risk analysis d. Internal controls Auditing & Auditors: an evaluation process of an org,
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationIP Profiler. Tracking the activity and behavior of an IP address. Author: Fred Thiele (GCIA, CISSP) Contributing Editor: David Mackey (GCIH, CISSP)
Security Intelligence June 2005 IP Profiler Tracking the activity and behavior of an IP address Author: Fred Thiele (GCIA, CISSP) Contributing Editor: David Mackey (GCIH, CISSP) Page 2 Contents 3 Profiling
More informationPart 5. Verification and Validation
Software Engineering Part 5. Verification and Validation - Verification and Validation - Software Testing Ver. 1.7 This lecture note is based on materials from Ian Sommerville 2006. Anyone can use this
More informationInformation Security. Structure. Common sense security. Content. Corporate security. Security, why
Information Security Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory teemupekka.virtanen@hut.fi Structure 1. Information security What, why, content
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Professor, SIS Lecture 12 2016 Intrusion Detection, Auditing System Firewalls & VPN 1 Intrusion Detection 2 Intrusion Detection/Response Denning:
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationCEH: CERTIFIED ETHICAL HACKER v9
CEH: CERTIFIED ETHICAL HACKER v9 SUMMARY The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever
More informationDefining Computer Security Incident Response Teams
Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that
More informationGibson: 3D Visualization and Modeling of Real Time Security Events. Dan Klinedinst
Gibson: 3D Visualization and Modeling of Real Time Security Events Dan Klinedinst gibson3d.org @dklinedinst Who Am I? Security Researcher at Carnegie Mellon University Security of enterprise systems Primarily
More informationThe State of the Hack. Kevin Mandia MANDIANT
The State of the Hack Kevin Mandia MANDIANT Who Am I? Adjunct Professor Carnegie Mellon University 95-856 Incident Response Master of Information System Management The George Washington University Computer
More informationCSE543 - Computer and Network Security Module: Intrusion Detection
CSE543 - Computer and Network Security Module: Intrusion Detection Professor Trent Jaeger 1 Intrusion An authorized action... that exploits a vulnerability... that causes a compromise... and thus a successful
More informationIntrusion Detection Systems
Intrusion Detection Systems Dr. Ahmad Almulhem Computer Engineering Department, KFUPM Spring 2008 Ahmad Almulhem - Network Security Engineering - 2008 1 / 15 Outline 1 Introduction Overview History 2 Types
More informationStandard CIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-1 3. Purpose: Standard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationIntruders and Intrusion Detection. Mahalingam Ramkumar
Intruders and Intrusion Detection Mahalingam Ramkumar Intruders A significant issue for networked systems hostile or unwanted access either via network or local Classes of intruders: masquerader misfeasor
More informationFive Critical Rules for Firewall Management: Lessons from the Field
Five Critical Rules for Firewall Management: Lessons from the Field Executive Summary Firewall management remains an organisation s primary network defence. It commands more time from network security
More informationCOMPUTER FORENSICS (CFRS)
Computer Forensics (CFRS) 1 COMPUTER FORENSICS (CFRS) 500 Level Courses CFRS 500: Introduction to Forensic Technology and Analysis. 3 credits. Presents an overview of technologies of interest to forensics
More informationAdvanced Systems Security: Multics
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationManaged. Code Rootkits. Hooking. into Runtime. Environments. Erez Metula ELSEVIER. Syngress is an imprint of Elsevier SYNGRESS
Managed Code Rootkits Hooking into Runtime Environments Erez Metula ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint
More informationIntrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Intruders & Attacks Cyber criminals Activists State-sponsored organizations Advanced Persistent
More informationFireMon Security manager
FireMon Security manager Regain control of firewalls with comprehensive firewall management The enterprise network is a complex machine. New network segments, new hosts and zero-day vulnerabilities are
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationDigital Forensics at a University. Calvin Weeks Director, Oklahoma Digital Forensics Lab University of Oklahoma
Digital Forensics at a University Calvin Weeks Director, University of Oklahoma Calvin Weeks Director, Former Director of IT Security Certified EnCASE Examiner (EnCE) VP of the local chapter of HTCIA Co-Chair
More informationCERTIFICATION RESOURCE GUIDE
F5 Certified! 303 ASM Technology Specialist CERTIFICATION RESOURCE GUIDE Purpose of this Document This document outlines topic areas covered on the F5 ASM Specialists Certification Exam and resources available
More informationThe Convergence of Security and Compliance
ebook The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction....3 Positive versus Negative Application Security....3
More informationDumb Ideas in Computer Security. Dr Charles P Pfleeger Pfleeger Consulting Group 19 July 2011
Dumb Ideas in Computer Security Dr Charles P Pfleeger Pfleeger Consulting Group 19 July 2011 chuck@pfleeger.com Pfleeger Consulting Group 2011 Marcus Ranum s Six Dumbest Ideas The Six Dumbest Ideas in
More informationLessons learned from 2G,3G,4G what we need to fix in 5G ETSI Security Week G Security Adrian Dabrowski
Lessons learned from 2G,3G,4G what we need to fix in 5G ETSI Security Week 2017 5G Security Adrian Dabrowski adrian.dabrowski@tuwien.ac.at @atrox_at Co-Authors: David Rupprecht, Thorsten Holz, Edgar Weippl,
More informationIsolating Compromised Routers. Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering
Isolating Compromised Routers Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering Problem Routers are vulnerable points in the Internet, especially
More informationTen Security Tips for SQL Server. Andy Warren
Ten Security Tips for SQL Server Andy Warren http://sqlandy.com http://linkedin.com/in/sqlandy Idera SQL Compliance Manager Improve any SQL Server Audit Audit Sensitive Data - see who did what, when, where,
More informationEmerging Threat Intelligence using IDS/IPS. Chris Arman Kiloyan
Emerging Threat Intelligence using IDS/IPS Chris Arman Kiloyan Who Am I? Chris AUA Graduate (CS) Thesis : Cyber Deception Automation and Threat Intelligence Evaluation Using IDS Integration with Next-Gen
More informationInformation Lifecycle Management for Business Data. An Oracle White Paper September 2005
Information Lifecycle Management for Business Data An Oracle White Paper September 2005 Information Lifecycle Management for Business Data Introduction... 3 Regulatory Requirements... 3 What is ILM?...
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationImproving Your Network Defense. Joel M Snyder Senior Partner Opus One
Improving Your Network Defense Joel M Snyder Senior Partner Opus One jms@opus1.com Agenda: Improving Your Network Defense What s the Thesis? Intrusion Detection Collecting Information Enabling Features
More informationSecurity Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008
Security Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008 Page 1 Outline Security terms and concepts Security policies Basic concepts Security policies for real systems Page
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationSystematic generation of attack scenarios against industrial systems
Systematic generation of attack scenarios against industrial systems Maxime Puys, Marie-Laure Potet and Jean-Louis Roch VERIMAG, University of Grenoble Alpes / Grenoble-INP, France Firstname.Name@imag.fr
More informationCS 591: Introduction to Computer Security. Lecture 3: Policy
CS 591: Introduction to Computer Security Lecture 3: Policy James Hook Objectives Explore what a security policy is; develop a vocabulary to discuss policies Examine the role of trust in policy 1 What
More informationCTF Workshop. Crim Synopsys, Inc. 1
CTF Workshop Crim2018 31.10.2018 2018 Synopsys, Inc. 1 CTF (Capture the Flag) Capture the Flag (CTF) is a computer security competition. CTF are usually designed test and teach computer security skills.
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationMFP: The Mobile Forensic Platform
MFP: The Mobile Forensic Platform Abstract Digital forensics experts perform investigations of machines for triage to see if there is a problem, as well as to gather evidence and run analyses. When the
More informationData Breach Preparedness & Response
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationData Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationIndigoVision. Control Center. Security Hardening Guide
IndigoVision Control Center Security Hardening Guide Control Center THIS MANUAL WAS CREATED ON MONDAY, JANUARY 15, 2018. DOCUMENT ID: IU-SMS-MAN011-2 Legal Considerations LAWS THAT CAN VARY FROM COUNTRY
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationSecurity Enhancements
OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows
More informationClient Computing Security Standard (CCSS)
Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices
More informationWeb 2.0, Consumerization, and Application Security
Web 2.0, Consumerization, and Application Security Chenxi Wang, Ph.D. Principal Analyst Forrester Research OWASP, New York City September 25, 2008 Today s enterprises face multitude of challenges Business-driven
More informationInternal Audit Report DATA CENTER LOGICAL SECURITY
Internal Audit Report DATA CENTER LOGICAL SECURITY Report No. SC 12 06 June 2012 David Lane Principal IT Auditor Jim Dougherty Principal Auditor Approved Barry Long, Director Internal Audit & Advisory
More informationCIT 480: Securing Computer Systems. Putting It All Together
CIT 480: Securing Computer Systems Putting It All Together Assurance 1. Asset identification 1. Systems and information assets. 2. Infrastructure model and control 1. Network diagrams and inventory database.
More informationIntrusion Detection and Prevention
Intrusion Detection and Prevention Outlines: Intrusion Tpesof Types Intrusion Intrusion Detection Models Intrusion Prevention Models By: Arash Habibi Lashkari July 2010 Network Security 07 1 Definition
More informationMaximizing IT Security with Configuration Management WHITE PAPER
Maximizing IT Security with Configuration Management WHITE PAPER Contents 3 Overview 4 Configuration, security, and compliance policies 5 Establishing a Standard Operating Environment (SOE) and meeting
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationNetDetector The Most Advanced Network Security and Forensics Analysis System
Get Real......Real Solutions For Global Networks www.niksun.com NetDetector The Most Advanced Network Security and Forensics Analysis System NIKSUN, Inc. 1100 Cornwall Road Monmouth Junction, NJ 08852
More informationIntrusion Detection Issues and Technologies
Intrusion Detection Issues and Technologies Julie J.C.H. Ryan, D.Sc. Presented to the Department of Veteran Affairs InfoSec2002 New Orleans May 2002 Detecting Intrusions Detection is one phase of security
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationCSE543 - Computer and Network Security Module: Intrusion Detection
CSE543 - Computer and Network Security Module: Intrusion Detection Professor Trent Jaeger CMPSC443 - Introduction to Computer and Network Security 1 2 Intrusion An authorized action... that exploits a
More informationOutline. Intrusion Detection. Intrusion Detection History. Some Challenges. Network-based Host Compromises. Host-based Network Intrusion Detection
Intrusion Detection CS 161/194-1 Anthony D. Joseph September 14, 2005 History Outline Network-based Host Compromise Host-based Network Intrusion Detection Signature-based Anomaly-based Distributed Network
More informationIntroduction and Charge
GENI and Security Deborah Frincke, PNNL, co-chair Matt Bishop, UCD, co-chair Chen-Nee Chuah, UCD, community collaborator Karl Levitt, NSF, NSF co-ordinator Mike Reiter, CMU, GENI security leader and provider
More informationintelop Stealth IPS false Positive
There is a wide variety of network traffic. Servers can be using different operating systems, an FTP server application used in the demilitarized zone (DMZ) can be different from the one used in the corporate
More informationInline Reference Monitoring Techniques
Inline Reference Monitoring Techniques In the last lecture, we started talking about Inline Reference Monitors. The idea is that the policy enforcement code runs with the same address space as the code
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationSIEM Overview with OSSIM Case Study. Mohammad Husain, PhD Cal Poly Pomona
SIEM Overview with OSSIM Case Study Mohammad Husain, PhD Cal Poly Pomona 1 SIEM SIEM = Security Information and Event Management Collects security information from multiple sources; internal and external
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationThe Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls
The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction.... 3 Positive versus Negative Application Security....
More informationChapter 7 Forensic Duplication
Chapter 7 Forensic Duplication Ed Crowley Spring 11 Topics Response Strategies Forensic Duplicates and Evidence Federal Rules of Evidence What is a Forensic Duplicate? Hard Drive Development Forensic Tool
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationSecurity Technologies for Dynamic Collaboration
Special Issue Advanced Technologies Driving Dynamic Collaboration Featuring System Technologies Security Technologies for Dynamic Collaboration By Hiroshi MIYAUCHI,* Ayako KOMATSU, Masato KAWATSU and Masashi
More informationELEC 377 Operating Systems. Week 12 Class 2
ELEC 377 Operating Systems Week 12 Class 2 Admin Lab 4/5 Will be marked shortly Quiz #3 returning today Today Unix History What is a Root Kit? Root Kit is software to hide the evidence of system modification
More information